OVH Community, your new community space.

IP failover question


sb4100
09-03-2011, 13:03
thank you, this has worked I believe thanks

Starbucks
06-07-2009, 16:32
http://www.ip-adress.com/ and RIPE both show as UK (got the first one back in an email from support) which is weird, I will give it a week should be okay.

Myatu
06-07-2009, 09:42
Quote Originally Posted by monkey56657
Tinyproxy listening on all interfaces. I want the outbound connection to go from the same IP as I connect into.
Hmm... I'm taking a blind stab at this so I'm not sure if this will work.

Code:
iptables -t mangle -A PREROUTING -d 1.1.1.1 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -d 1.1.1.2 -j MARK --set-mark 2
iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 1 -j SNAT --to 1.1.1.1
iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 2 -j SNAT --to 1.1.1.2
where "1.1.1.1" is the first IP (failover or main) and "1.1.1.2" is the second IP (failover).

The idea is that any traffic destined (PREROUTING + "-d") to IP 1.1.1.1 gets marked with a "0x1", and so on for the other IP(s).

If SNAT notices outgoing traffic on eth0 marked as "0x1", it will make it appear as if it came from 1.1.1.1, and so on.

Oh, PS: If you're going to try this, don't use the main IP for now until you're sure it works

freshwire
06-07-2009, 08:24
Tinyproxy listening on all interfaces. I want the outbound connection to go from the same IP as I connect into.

Starbucks
06-07-2009, 08:19
Quote Originally Posted by Myatu
Great! Head on over to http://whatismyipaddress.com; they use a recent GeoIP database...
Showing as France there too.

Myatu
06-07-2009, 08:16
Great! Head on over to http://whatismyipaddress.com; they use a recent GeoIP database...

Starbucks
06-07-2009, 08:07
Quote Originally Posted by Myatu
Hmm, interesting. I'm trying to figure out why that is (perhaps too early in the morning to do that...)

Try this:
Code:
iptables -t nat -A POSTROUTING -o eth0 -p tcp -m tcp --dport 80 -j SNAT --to-source 1.2.3.4
Where "1.2.3.4" is your failover IP. I guess you may have to add a match (-m) for the traffic on port 80 when it is tunnelled.
Works, lovely, cheers man.

Edit: Only problem now is that the IP Failover is showing France as the country code when showing England in the OVH Manager. Weird. Will pop in a ticket for that.

Myatu
06-07-2009, 07:25
Hmm, interesting. I'm trying to figure out why that is (perhaps too early in the morning to do that...)

Try this:
Code:
iptables -t nat -A POSTROUTING -o eth0 -p tcp -m tcp --dport 80 -j SNAT --to-source 1.2.3.4
Where "1.2.3.4" is your failover IP. I guess you may have to add a match (-m) for the traffic on port 80 when it is tunnelled.

Starbucks
05-07-2009, 21:24
Quote Originally Posted by Myatu
I'm not sure if I understand your question. Can you give a scenario (and the proxy product name)?
Using putty as a socks proxy:
http://www.virtualroadside.com/blog/...y-using-putty/

I can use that but even if I have the NAT forward all ports (using the above script) it still shows as the server IP and not the failover IP.

Works fine when using Lynx using SSH, but not using socks through putty.

Myatu
04-07-2009, 23:26
I'm not sure if I understand your question. Can you give a scenario (and the proxy product name)?

freshwire
04-07-2009, 19:09
The code above is working well thanks.. Now how could I get it to work on my proxy and magically go out on the IP that I proxy in to? Tough one

Myatu
04-07-2009, 18:00
Try this instead (you need to specify "-t nat"):

Code:
iptables -t nat -L
Where's the socks proxy located?

Starbucks
04-07-2009, 11:28
Used the commands above and there appears to be no change:

iptables -L output:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Any ideas? No nat rule in there (or is it separate somewhere?)

Edit: works in lynx, but not when I use SSH and a socks proxy.

Myatu
28-06-2009, 17:45
In theory it would be, but I think that in practice you'll probably be pulling your hair out trying to get that accomplished

gased
27-06-2009, 20:54
That is nice
Is there a way for only one of the two users to have a different IP from the other user?

Myatu
27-06-2009, 17:42
Quick response!

gased
27-06-2009, 17:39
Yeah that is what I meant. I want the IP failover to appear on ip-adress etc.. Not only the primary ip.

Myatu
27-06-2009, 17:38
Are you using Linux? If so, you can use the SNAT function of iptables (there's also MASQUERADE, but since a good portion of us only have 1 nic, let's stick to SNAT).

For example, to make ALL outgoing traffic appear as coming from IP 1.2.3.4:

Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4
To make outgoing web traffic (to port 80) appear as coming from IP 1.2.3.4:

Code:
iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 80 -j SNAT --to 1.2.3.4
To make outgoing traffic from a particular internal IP 192.168.0.1 (i.e., when using a dummy interface or virtualisation) appear as coming from IP 1.2.3.4:

Code:
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.1 -j SNAT --to 1.2.3.4
Your only limitation is that the "--to" must have a valid IP address, or else they'll disappear in a big black hole somewhere inside OVH's routers/switches - only Oles knows about this place. So, "1.2.3.4" has to be replaced with an actual failover IP address.

The other thing is that "-o eth0" isn't completely necessary, but it avoids the SNAT being applied on internal traffic, which is something you might not want.

I'm using this method for web browsing traffic, so I'm sent to Google UK instead of Google France (and similar for other sites).
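
The SNAT rules from the post above, wrapped as an added example (not part of the original post or any OVH tooling) so that re-running it does not append duplicate rules and a malformed source address is rejected before it reaches iptables. The function names, the `IPT` override and the address 192.0.2.10 are assumptions made for illustration; `-C` needs an iptables build with rule-check support.

```sh
#!/bin/sh
# Added example (not from the thread). Function names and the IPT override are
# assumptions; 192.0.2.10 is a constructed documentation address.
IPT="${IPT:-iptables}"   # point IPT at a stub to dry-run without root

# Accept only dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print a rule spec: snat_spec IFACE FAILOVER_IP [TCP_DPORT]
snat_spec() {
    valid_ipv4 "$2" || { echo "bad --to-source address: $2" >&2; return 1; }
    case "${3:-}" in
        "")       echo "-o $1 -j SNAT --to-source $2" ;;
        *[!0-9]*) echo "bad port: $3" >&2; return 1 ;;
        *)        echo "-o $1 -p tcp --dport $3 -j SNAT --to-source $2" ;;
    esac
}

# Append the rule only when -C (check) reports it is not already present,
# so running this at every boot does not stack duplicate rules.
ensure_snat() {
    spec=$(snat_spec "$@") || return 1
    # $spec is left unquoted on purpose so it splits into arguments
    $IPT -t nat -C POSTROUTING $spec 2>/dev/null ||
        $IPT -t nat -A POSTROUTING $spec
}

# NAT rules live in the nat table; a plain "iptables -L" lists only filter.
show_snat() { $IPT -t nat -S POSTROUTING; }

# Usage (as root): ensure_snat eth0 192.0.2.10 80 && show_snat
```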

freshwire
27-06-2009, 09:59
Recently I had some trouble with this. Seems to me as if OVH is always going out on the primary IP.

DedicatedPros
27-06-2009, 09:51
You'd have to bind that failover IP to the server, I could help more if I knew what kind of software you're running on the server and what you mean by sites (ie. ftp, proxy, bnc, etc.)

gased
27-06-2009, 09:11
Hi there,
I wanna know if there is any way so other sites see my failover IP instead of my real IP when logging in to their sites through my server.